Black Hat 2016 presentations are sure to represent some of the highest quality, most cutting edge research in the security community. The bar for Black Hat talks is higher than other popular information security conferences and as such, some of the most interesting things you’ll hear all year in the infosec community come out of Vegas.

The ZeroFOX Research team will be presenting our own research on weaponizing data science for Twitter spear phishing, which you can check out here, but we wanted to highlight the 5 Black Hat 2016 talks we were most excited about going to. As a group of avid security researchers and data scientists, we appreciate a good technical conference presentation.

In no particular order, our top 5 Black Hat 2016 talks…

AirBnBeware: Short Term Rentals, Long Term PwnagePresenter: Jeremy Galloway: Security Intelligence, AtlassianDate/Time: Thursday, August 4th, 2:10-1:00Location: South Seas IJWhy We’re Excited About It
First and foremost, awesome title. Our specialty is social media threats and, in many ways, AirBnb and HomeAway are social networks. We appreciate researchers who understand and grapple with the kind of threats that emerge when cybercriminals can engage with individual users. We’re also not surprised that new vulnerabilities are beginning to arise given that many of these platforms haven’t received the same level of security scrutiny from its users as e-mail or other traditional attack vectors. But we’re excited to learn about some AirBnb TTPs involving configuring home routers into password and PII-siphoning devices, essentially able to pwn either future guests or even the host themselves. Despite this time-honored problem’s established reputation in the security world, the recent massive uptick in social networking apps like AirBnb means we’ve never been more worried about wifi signals (and that’s saying something).

Exploiting Curiosity and Context: How to Make People Click A Dangerous Link Despite their Security AwarenessPresenter: Zinaida BenensonDate/Time: Wednesday, August 3rd, 11:3-12:20Location: South Seas ABEWhy We’re Excited About It
As security people, we think we’re pretty good at not clicking on malicious links. It’s kind of our thing. However, we’re curious to see what tactics Zinaida has had success with while phishing social media users like us — we like seeing other approaches that inform our own process. Though performed on Facebook and not Twitter, the talk will hopefully echo some of the take-home points of ours, including highlighting the relative nonchalant security approach assumed by your typical social media user. Our work differs though as we will use machine learning to automate the spear phishing process, and hence be able to reach out to a wider demographic and vaster audiences.

Applied Machine Learning For Data Exfil And Other Fun TopicsPresenter: Brian Wallace, Matt Wolf, Xuan Zhao (Cylance)Date/Time: Wednesday, August 3rd, 11:30-12:20pmLocation: South Seas CDFWhy We’re Excited About It
At ZeroFOX, we’re suckers for machine intelligence. We’re also suckers for “other fun topics.” As highlighted by our talk, offensive machine learning is on the rise and will undoubtedly begin to pose increasing risks to organizations and individuals. If the adversary can automate their attack in a data-driven way, the security defenses of the future must be able to flexibly adjust at a faster pace, else be circumvented. Ideally, the security community will be able to adapt to these new techniques and develop countermeasures. Towards this goal, the talk seems to highlight interesting use cases to which machine learning can be applied, which will help prod the community into a machine learning-based mindset, in anticipation of these new and continually evolving capabilities.

An AI Approach To Malware Similarity Analysis: Mapping The Malware Genome With a Deep Neural NetworkPresenter: Konstantin BerlinDate/Time: Thursday, August 4th, 5:00-5:25pmLocation: Lagoon KWhy We’re Excited About It
Promoting a defensively oriented machine learning application, this talk applies state of the art techniques to the classic problem of malware detection. Deep neural networks incorporate brain-like processing capabilities of interacting neurons and synapses, and typically excel when trained with enormously large datasets. Simple mathematical operations are applied in succession in order to transform the input and help the model learn an empirical representation of the data in question, allowing it to accurately generalize to previously unseen examples. The authors claim that applying such powerful techniques to the domain of malware analysis seems to have achieved faster, more reliable, more flexible and more accurate results compared with the stagnant approaches of the past.